CN115964741A - Privacy calculation method, device, equipment and medium based on secure memory - Google Patents


Info

Publication number
CN115964741A
Authority
CN
China
Prior art keywords
target
preset
program
storage area
target process
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211624935.8A
Other languages
Chinese (zh)
Inventor
黄明
李毅
姬一文
牛亮亮
李锁在
张珂伟
郇福喜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Clp Hainan United Innovation Research Institute Co ltd
Montage Technology Shanghai Co Ltd
Kirin Software Co Ltd
Original Assignee
Clp Hainan United Innovation Research Institute Co ltd
Montage Technology Shanghai Co Ltd
Kirin Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Clp Hainan United Innovation Research Institute Co ltd, Montage Technology Shanghai Co Ltd and Kirin Software Co Ltd
Priority to CN202211624935.8A
Publication of CN115964741A
Legal status: Pending

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00: Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Storage Device Security (AREA)

Abstract

The application discloses a privacy calculation method, apparatus, device and medium based on a secure memory, in the field of computer technology. The method comprises: storing the program directories corresponding to the important program segments of a target program into different preset storage areas in a secure memory, and then running the target program; while the target program is running, querying through the operating system whether a target process accessing the secure memory is the preset process that created any preset storage area; and if the target process is not that preset process, forbidding it from accessing the preset storage areas in the secure memory, so as to realize privacy calculation. In this way only the target process that created a target storage area can access it, and other processes cannot, so the data in the target storage area is invisible to them and privacy calculation is achieved.

Description

Privacy calculation method, device, equipment and medium based on secure memory
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method, an apparatus, a device, and a medium for privacy computation based on a secure memory.
Background
Privacy computing (privacy-preserving computation) refers to a set of techniques for performing data analysis and computation while preventing the data from being leaked, so that the data is 'available but invisible'; on the premise of fully protecting data and privacy, the value of the data can be converted and released. Currently, while a program is running in memory, the data in the program can still be accessed (i.e. it is usable and visible), so privacy computation cannot be realized.
In summary, how to implement privacy computation is a problem to be solved urgently at present.
Disclosure of Invention
In view of this, the present invention provides a privacy calculation method, apparatus, device and medium based on secure memory, which can implement privacy calculation. The specific scheme is as follows:
in a first aspect, the present application discloses a privacy calculation method based on a secure memory, including:
respectively storing program directories corresponding to all important program segments of a target program into different preset storage areas in the secure memory, and then operating the target program;
in the running process of the target program, inquiring whether a target process accessing the secure memory is a preset process for creating any preset storage area through an operating system; the preset storage areas correspond to the preset processes one by one;
and if the target process is the preset process, allowing the target process to access a target storage area created by the target process so as to operate the target program, and if the target process is not the preset process, forbidding the target process to access the preset storage area in the secure memory so as to realize privacy calculation.
Optionally, the querying, by the operating system, whether the target process accessing the secure memory is a preset process for creating any one of the preset storage regions includes:
determining a target process ID of the target process;
inquiring whether target management data comprising the target process ID exist in a pre-established management linked list through an operating system;
if such target management data exists, the target process is a preset process that created one of the preset storage areas;
and if it does not exist, the target process is not a preset process that created any preset storage area.
Optionally, if the target process is the preset process, allowing the target process to access the target storage area created by the target process includes:
if the target process is the preset process, determining a target area code corresponding to the target process ID in the target management data, and allowing the target process to access the target storage area which is created by the target process and has the target area code based on the target area code.
Optionally, the privacy calculation method based on the secure memory further includes:
when a preset security rule is set for the corresponding preset storage area through the preset process, a preset area code of the preset storage area and a preset process ID of the preset process are determined through the operating system, preset management data including the preset area code and the preset process ID are then generated, and the preset management data are stored in the management linked list; the preset security rule is one of write-only, read-only, readable-and-writable, and read-and-write-forbidden.
Optionally, if the target process is the preset process, allowing the target process to access the target storage area created by the target process so as to run the target program, further includes:
and when the target process is finished, calling a secure memory release interface through a client and releasing the program directory in the target storage area according to the target process.
Optionally, the privacy calculation method based on a secure memory further includes:
regularly inspecting the state of the target process and the state of the target storage area through a safety memory device management program;
and if the target process is finished and the target storage area is not idle, releasing the program directory in the target storage area through the safe memory device management program.
Optionally, the privacy calculation method based on the secure memory further includes:
and storing other program segments except the important program segment in the target program into a cache region which is divided in advance in the secure memory.
In a second aspect, the present application discloses a secure memory-based privacy computing apparatus, comprising:
the program operation module is used for respectively storing program catalogues corresponding to all important program segments of the target program into different preset storage areas in the secure memory and then operating the target program;
the query module is used for querying whether a target process accessing the secure memory is a preset process for creating any preset storage area or not through an operating system in the running process of the target program; the preset storage areas correspond to the preset processes one by one;
an access allowing module, configured to allow the target process to access a target storage area created by the target process if the target process is the preset process, so as to run the target program;
and the access forbidding module is used for forbidding the target process to access the preset storage area in the secure memory if the target process is not the preset process so as to realize privacy calculation.
In a third aspect, the present application discloses an electronic device comprising a processor and a memory; wherein the processor implements the secure memory-based privacy calculation method disclosed above when executing the computer program stored in the memory.
In a fourth aspect, the present application discloses a computer readable storage medium for storing a computer program; wherein the computer program, when executed by a processor, implements the secure memory-based privacy calculation method disclosed above.
Therefore, the application stores the program directories corresponding to the important program segments of the target program into different preset storage areas in the secure memory respectively and then runs the target program; in the running process of the target program, inquiring whether a target process accessing the secure memory is a preset process for creating any preset storage area through an operating system; the preset storage areas correspond to the preset processes one by one; if the target process is the preset process, allowing the target process to access a target storage area created by the target process so as to operate the target program, and if the target process is not the preset process, forbidding the target process to access the preset storage area in the secure memory so as to realize privacy calculation. Therefore, only a preset process (target process) for creating the target storage area can access the target storage area, and other processes cannot access the target storage area, so that data in the target storage area cannot be seen, and privacy calculation is achieved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the prior art descriptions will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of a privacy calculation method based on a secure memory according to the present application;
fig. 2 is a flowchart of a specific secure memory-based privacy calculation method provided in the present application;
FIG. 3 is a schematic diagram of a secure memory based privacy computing apparatus according to the present application;
fig. 4 is a block diagram of an electronic device provided in the present application.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Currently, during the running of programs in a memory, data in the programs can still be accessed (i.e., available, visible), and thus private calculation cannot be realized.
In order to overcome the problems, the application provides a privacy calculation scheme based on a secure memory, and privacy calculation can be achieved.
Referring to fig. 1, an embodiment of the present application discloses a privacy calculation method based on a secure memory, including:
step S11: and respectively storing program directories corresponding to the important program segments of the target program into different preset storage areas in the secure memory, and then operating the target program.
In this embodiment of the present application, after the program directories corresponding to the important program segments of the target program are stored in the different preset storage areas in the secure memory, the other program segments of the target program may further be stored in a cache region pre-partitioned in the secure memory. It should be noted that the cache region is a partial region partitioned from the secure memory in advance; a buffer region is allocated from part of the physical memory for caching system operations and data files. For example, if several processes access a file, the file can be read into the cache, so that the next process that obtains control of the Central Processing Unit (CPU) and accesses the file reads it directly from the cache, improving system performance; this is similar to the cache design of Linux memory management.
In this embodiment of the present application, before storing the other program segments of the target program (those other than the important program segments) into the cache region pre-partitioned in the secure memory, the method further includes: partitioning the cache region in the secure memory and establishing a synchronization mechanism between the cache region and the secure memory, similar to the cache-to-memory access mechanism, so that the target program can run based on both the important program segments and the other program segments.
In this embodiment of the present application, data protection is achieved through an operation interface for the secure memory device that is added to the basic memory operation and management library: the program directories corresponding to the important program segments are stored into different preset storage areas of the secure memory through the external operation interface preset for the secure memory (device). It should be pointed out that the data needing protection (the important program segments) must be marked, so that the compiler places it on the memory heap rather than on the memory stack.
It should be noted that the program directory includes the target attribute corresponding to each important program segment, and the target attribute is one of write-only, read-only, readable-and-writable, and read-and-write-forbidden.
It should be noted that the operation interface may overload the original memory allocation method, such as malloc, or may be a newly created interface, such as secm_open; in addition, the operation interface follows the file operation model, with read, write and close interfaces, to implement allocation, reading, writing and release of the secure memory.
Step S12: in the running process of the target program, inquiring whether a target process accessing the secure memory is a preset process for creating any preset storage area or not through an operating system; and the preset storage areas correspond to the preset processes one by one.
In the embodiment of the present application, only the preset process (target process) that created the target storage area in advance can access the target storage area, so it is necessary to determine whether the target process is a preset process that created any of the preset storage areas in advance. It should be noted that each preset process creates one preset storage area.
It should be noted that the preset process that sets a preset security rule for a preset storage area in advance is also the preset process that created that storage area; the preset security rule is the attribute of the preset storage area, and the rule of each preset storage area is one of write-only, read-only, readable-and-writable, and read-and-write-forbidden; the preset security rule of each preset storage area can be modified through the operating system.
Step S13: and if the target process is the preset process, allowing the target process to access a target storage area created by the target process so as to operate the target program, and if the target process is not the preset process, forbidding the target process to access the preset storage area in the secure memory so as to realize privacy calculation.
In the embodiment of the application, if the target process is not a preset process for creating any preset storage area, the target process is prohibited from accessing the preset storage area in the secure memory, so that a program directory corresponding to an important program segment can be protected, and other unrelated processes are prevented from accessing the program directory, so that the program directory is invisible, and privacy calculation is realized.
In this embodiment of the application, if the target process is the preset process, allowing the target process to access the target storage area created by the target process so as to run the target program further includes: when the target process finishes, calling a secure memory release interface through a client and releasing the program directory in the target storage area for the target process. It should be noted that when the target process is about to end, the memory release interface of the secure memory SDK is called to release the target storage area; this SDK release interface is an external operation interface of the secure memory.
It should be noted that after the secure memory driver is loaded, the secure memory device management program is started, and it regularly checks the state of the target process and the state of the target storage area; if the target process has finished and the target storage area is not idle, the program directory in the target storage area is released by the secure memory device management program. That is, a finished target process whose target storage area is still not idle is in an abnormal state, and the secure memory device management program then releases the target storage area.
In summary, space in the protected privacy area must be released by the user, just as memory must be freed after use. If it is not released when the program exits (the process ends), it is handled uniformly by the secure memory device management program. It should be noted that the end of the target process also means that the target program corresponding to the target process has finished running and exited.
Therefore, the application stores the program directories corresponding to the important program segments of the target program into different preset storage areas in the secure memory respectively and then runs the target program; in the running process of the target program, inquiring whether a target process accessing the secure memory is a preset process for creating any preset storage area through an operating system; the preset storage areas correspond to the preset processes one by one; and if the target process is the preset process, allowing the target process to access a target storage area created by the target process so as to operate the target program, and if the target process is not the preset process, forbidding the target process to access the preset storage area in the secure memory so as to realize privacy calculation. Therefore, only a preset process (target process) for creating the target storage area can access the target storage area, and other processes cannot access the target storage area, so that data in the target storage area cannot be seen, and privacy calculation is achieved.
Referring to fig. 2, an embodiment of the present application discloses a specific privacy calculation method based on a secure memory, where the method includes:
step S21: and respectively storing the program directories corresponding to the important program segments of the target program into different preset storage areas in the secure memory, and then operating the target program.
For a more specific processing procedure of step S21, reference may be made to corresponding contents disclosed in the foregoing embodiments, and details are not repeated here.
Step S22: determining a target process ID of the target process; inquiring whether target management data comprising the target process ID exist in a pre-established management linked list through an operating system; if yes, the target process is a preset process for creating any preset storage area; if not, the target process is not the preset process for creating any preset storage area; and the preset storage areas correspond to the preset processes one by one.
In the embodiment of the present application, when the preset storage areas are created in advance, a preset area code is set for each preset storage area, and the preset process ID (PID) of the preset process that created the storage area is recorded; then, when a preset security rule is set for the corresponding preset storage area through the preset process, the operating system determines the preset area code of the preset storage area and the preset process ID of the preset process, generates preset management data comprising the preset area code and the preset process ID, and stores the preset management data in the management linked list. The preset security rule is one of write-only, read-only, readable-and-writable, and read-and-write-forbidden.
In this embodiment of the application, if a certain preset management data includes the target process ID, the preset management data is the target management data.
In the embodiment of the application, because only the preset process for creating the preset storage area can access the preset storage area, it is necessary to determine whether the target process is the preset process for creating any preset storage area; it should be noted that the process ID is used for the determination.
Step S23: if the target process is the preset process, determining a target area code corresponding to the target process ID in the target management data, and allowing the target process to access the target storage area which is created by the target process and has the target area code based on the target area code so as to operate the target program.
In this embodiment of the application, if the target process is the preset process, determining the preset region code stored in the target management data as a target region code corresponding to the target process ID, and allowing the target process to access the target storage region with the target region code created by the target process based on the target region code, so as to run the target program.
It should be noted that the target process accesses the target storage area which is created by the target process and has the target area code, and cannot access other preset storage areas, so that the program directories corresponding to the important program segments of the other preset storage areas are protected, data invisibility is realized, and privacy calculation is realized.
Step S24: and if the target process is not the preset process, forbidding the target process to access the preset storage area in the secure memory so as to realize privacy calculation.
In the embodiment of the application, if the target process is not the preset process, the target process is prohibited from accessing the preset storage area in the secure memory, so that the program directory corresponding to the important program segment can be protected, and other unrelated processes are prevented from accessing the program directory, so that the program directory is invisible, and privacy calculation is realized.
In summary, for accessing a protected area, it is necessary to detect a process ID, and in combination with the characteristics of file operation, an OS (Operating System) completes detection and verification of a process to which the area belongs, and only a process creating the area can access the area.
The method stores the program directories corresponding to the important program segments of a target program into different preset storage areas in the secure memory and then runs the target program; determines the target process ID of the target process; queries, through the operating system, whether target management data comprising the target process ID exists in a pre-established management linked list; if it exists, the target process is a preset process that created a preset storage area, and if not, the target process is not a preset process that created any preset storage area, the preset storage areas corresponding to the preset processes one by one; and if the target process is the preset process, determines the target area code corresponding to the target process ID in the target management data and allows the target process, based on that area code, to access the target storage area that it created and that carries the target area code, so as to run the target program. Thus, whether a preset storage area (target storage area) was created by the target process is judged from the target process ID; if so, the target storage area is accessed via the target area code, and if not, none of the preset storage areas can be accessed. Therefore only the preset process (target process) that created the target storage area can access it, other processes cannot, the data in the target storage area is invisible to them, and privacy calculation is realized.
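The check described in steps S21 to S24, together with the owner release and the device-manager sweep described in the first embodiment, can be modelled in a few dozen lines of C. The following is an added example written for this page, not code from the patent or its assignees: it keeps the management linked list as (area code, creator PID, rule) nodes, refuses any PID that has no node, lets a preset process touch only the area carrying its own area code, applies the four preset security rules, and releases areas either through the owner's release call or through a sweep over PIDs that have ended. All names (secm_create, secm_check_access, secm_release, secm_sweep, secm_reset, the rule enum, the sample PIDs and area codes) are assumptions made for this illustration; the patent itself names only interfaces such as secm_open, read, write and close, and a real implementation would live in the driver and query the OS for process state instead of taking a list of ended PIDs.

```c
/* Added example (not the patent's code): user-space model of the OS-side
 * access check, owner release and device-manager sweep. All identifiers
 * are assumptions made for this illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

/* The four preset security rules (attributes) a storage area can carry. */
enum secm_rule { RULE_WRITE_ONLY, RULE_READ_ONLY, RULE_READ_WRITE, RULE_NO_ACCESS };
enum secm_op   { OP_READ, OP_WRITE };

/* One node of the "management linked list": (area code, creator PID, rule).
 * idle == true means the area has been released and may be reused. */
struct mgmt_entry {
    int area_code;
    int pid;
    enum secm_rule rule;
    bool idle;
    struct mgmt_entry *next;
};

static struct mgmt_entry *mgmt_list = NULL;

/* Step S22: find the active (non-idle) entry whose creator is this PID. */
static struct mgmt_entry *find_by_pid(int pid)
{
    for (struct mgmt_entry *e = mgmt_list; e; e = e->next)
        if (e->pid == pid && !e->idle) return e;
    return NULL;
}

static struct mgmt_entry *find_by_area(int area_code)
{
    for (struct mgmt_entry *e = mgmt_list; e; e = e->next)
        if (e->area_code == area_code) return e;
    return NULL;
}

/* Creating an area and setting its rule registers (area_code, pid, rule).
 * Areas and processes correspond one to one, so a PID that already owns an
 * active area, or an area code that is still in use, is refused. */
bool secm_create(int pid, int area_code, enum secm_rule rule)
{
    if (find_by_pid(pid) != NULL) return false;          /* process already owns an area */
    struct mgmt_entry *e = find_by_area(area_code);
    if (e != NULL && !e->idle) return false;              /* area code still in use */
    if (e == NULL) {                                      /* new node; an idle node is reused */
        if ((e = malloc(sizeof *e)) == NULL) return false;
        e->next = mgmt_list;
        mgmt_list = e;
    }
    e->area_code = area_code; e->pid = pid; e->rule = rule; e->idle = false;
    return true;
}

/* Steps S23/S24: the check the OS performs before serving an access. A PID
 * without an entry is not a preset process and is refused (S24); a preset
 * process may only touch the area carrying its own area code (S23), and the
 * area's preset security rule decides which operations are served. */
bool secm_check_access(int pid, int area_code, enum secm_op op)
{
    struct mgmt_entry *e = find_by_pid(pid);
    if (e == NULL || e->area_code != area_code) return false;
    switch (e->rule) {
    case RULE_READ_WRITE: return true;
    case RULE_READ_ONLY:  return op == OP_READ;
    case RULE_WRITE_ONLY: return op == OP_WRITE;
    default:              return false;                   /* RULE_NO_ACCESS */
    }
}

/* Release interface called by the owning process when it is about to end. */
bool secm_release(int pid, int area_code)
{
    struct mgmt_entry *e = find_by_area(area_code);
    if (e == NULL || e->idle || e->pid != pid) return false;
    e->idle = true;
    return true;
}

/* Device-manager sweep: an area whose creator has ended but which is still
 * not idle is in the abnormal state and is released here. The ended PIDs are
 * supplied by the caller in this model. Returns the number of areas released. */
int secm_sweep(const int *ended_pids, size_t n)
{
    int released = 0;
    for (size_t i = 0; i < n; i++) {
        struct mgmt_entry *e = find_by_pid(ended_pids[i]);
        if (e != NULL) { e->idle = true; released++; }
    }
    return released;
}

/* Free the whole list (used when the model is torn down). */
void secm_reset(void)
{
    struct mgmt_entry *next;
    for (; mgmt_list != NULL; mgmt_list = next) { next = mgmt_list->next; free(mgmt_list); }
}
```

The point to notice is that the decision is keyed on the calling PID first and on the area code second: a process that is not in the list is refused outright, and a process that is in the list still cannot reach an area it did not create, which is exactly the two-level property the text describes. Reusing an idle node after release keeps the one-to-one mapping intact when a new process takes over an area code.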
Referring to fig. 3, an embodiment of the present application discloses a privacy computing apparatus based on a secure memory, including:
the program running module 11 is configured to store program directories corresponding to the important program segments of the target program into different preset storage areas in the secure memory, and then run the target program;
the query module 12 is configured to query, by using an operating system, whether a target process accessing the secure memory is a preset process for creating any one of the preset storage regions in the running process of the target program; the preset storage areas correspond to the preset processes one by one;
an access permission module 13, configured to, if the target process is the preset process, allow the target process to access a target storage area created by the target process, so as to run the target program;
and an access prohibition module 14, configured to prohibit the target process from accessing the preset storage area in the secure memory if the target process is not the preset process, so as to implement privacy calculation.
For more specific working processes of the modules, reference may be made to corresponding contents disclosed in the foregoing embodiments, and details are not repeated here.
Therefore, the application stores the program directories corresponding to the important program segments of the target program into different preset storage areas in the secure memory respectively and then runs the target program; in the running process of the target program, inquiring whether a target process accessing the secure memory is a preset process for creating any preset storage area through an operating system; the preset storage areas correspond to the preset processes one by one; if the target process is the preset process, allowing the target process to access a target storage area created by the target process so as to operate the target program, and if the target process is not the preset process, forbidding the target process to access the preset storage area in the secure memory so as to realize privacy calculation. Therefore, only a preset process (target process) for creating the target storage area can access the target storage area, and other processes cannot access the target storage area, so that data in the target storage area cannot be seen, and privacy calculation is achieved.
In a specific embodiment, the query module 12 specifically includes:
a determining unit, configured to determine a target process ID of the target process;
the query unit is used for querying whether target management data comprising the target process ID exists in a pre-established management linked list through an operating system;
the existence unit is used for determining that the target process is a preset process that created a preset storage area if such target management data exists;
and the non-existence unit is used for determining that the target process is not a preset process that created any preset storage area if such data does not exist.
In a specific embodiment, the access permission module 13 specifically includes:
and the access permitting unit is used for determining a target area code corresponding to the target process ID in the target management data if the target process is the preset process, and permitting the target process to access the target storage area which is created by the target process and has the target area code based on the target area code.
In an embodiment, the secure memory-based privacy computing apparatus specifically further includes:
and the management link creating unit is used for determining a preset region code of the preset storage region and a preset process ID of the preset process through an operating system when a preset safety rule is set for the corresponding preset storage region through the preset process, then generating preset management data comprising the preset region code and the preset process ID, and storing the preset management data to the management linked list.
In an embodiment, the secure memory-based privacy computing apparatus specifically further includes:
and the first release unit is used for calling a secure memory release interface through a client and releasing the program catalog in the target storage area according to the target process when the target process is finished.
In a specific embodiment, the secure memory-based privacy computing device further includes:
the inspection unit is used for regularly inspecting the state of the target process and the state of the target storage area through a safe memory device management program;
and a second releasing unit, configured to release, by the secure memory device management program, the program directory in the target storage area if the target process is finished and the target storage area is not idle.
In an embodiment, the secure memory-based privacy computing apparatus specifically further includes:
and the storage unit is used for storing other program segments except the important program segment in the target program into a cache region which is divided in advance in the secure memory.
Further, an electronic device is provided in the embodiments of the present application, and fig. 4 is a block diagram of the electronic device 20 according to an exemplary embodiment, which should not be construed as limiting the scope of the application.
Fig. 4 is a schematic structural diagram of an electronic device 20 according to an embodiment of the present disclosure. The electronic device 20 may specifically include: at least one processor 21, at least one memory 22, a power supply 23, an input output interface 24, a communication interface 25, and a communication bus 26. The memory 22 is configured to store a computer program, and the computer program is loaded and executed by the processor 21 to implement the relevant steps of the secure memory-based privacy computation method disclosed in any of the foregoing embodiments.
In this embodiment, the power supply 23 is configured to provide a working voltage for each hardware device on the electronic device 20; the communication interface 25 can create a data transmission channel between the electronic device 20 and an external device, and a communication protocol followed by the communication interface is any communication protocol applicable to the technical solution of the present application, and is not specifically limited herein; the input/output interface 24 is configured to obtain external input data or output data to the outside, and a specific interface type thereof may be selected according to specific application requirements, which is not specifically limited herein.
In addition, the memory 22, as a carrier for storing resources, may be a read-only memory, a random access memory, a magnetic disk, an optical disk, or the like; it may include a random access memory serving as working memory and a non-volatile storage serving as external memory. The resources stored in the memory 22 include an operating system 221, a computer program 222, and the like, and the storage may be transient or permanent.
The operating system 221 is used for managing and controlling each hardware device on the electronic device 20 and the computer program 222, and the operating system 221 may be Windows, Unix, Linux, or the like. In addition to the computer program that performs the secure memory-based privacy calculation method disclosed in any of the foregoing embodiments and is executed by the electronic device 20, the computer program 222 may further include a computer program used to perform other specific tasks.
In this embodiment, the input/output interface 24 may specifically include, but is not limited to, a USB interface, a hard disk reading interface, a serial interface, a voice input interface, a fingerprint input interface, and the like.
Further, the embodiment of the application also discloses a computer readable storage medium for storing a computer program; wherein the computer program, when executed by a processor, implements the secure memory-based privacy computation method disclosed above.
For the specific steps of the method, reference may be made to the corresponding contents disclosed in the foregoing embodiments, which are not described herein again.
A computer-readable storage medium as referred to herein includes a Random Access Memory (RAM), a Memory, a Read-only Memory (ROM), an electrically programmable ROM, an electrically erasable programmable ROM, a register, a hard disk, a magnetic or optical disk, or any other form of storage medium known in the art. Wherein the computer program, when executed by a processor, implements the secure memory-based privacy computation method described above. For the specific steps of the method, reference may be made to the corresponding contents disclosed in the foregoing embodiments, which are not described herein again.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other. For the device disclosed by the embodiment, since the device corresponds to the privacy calculation method based on the secure memory disclosed by the embodiment, the description is relatively simple, and the relevant points can be referred to the description of the method part.
Those of skill would further appreciate that the various illustrative components and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the components and steps of the various examples have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the technical solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional like elements in a process, method, article, or apparatus that comprises the element.
The privacy computing method, device, equipment and medium based on the secure memory provided by the invention are introduced above in detail; specific examples are used herein to explain the principle and the implementation of the invention, and the description of the above embodiments is only intended to help understand the method and the core idea of the invention. Meanwhile, for a person skilled in the art, the specific embodiments and the application range may be changed according to the idea of the present invention; in summary, the content of this specification should not be construed as a limitation to the present invention.

Claims (10)

1. A privacy calculation method based on a secure memory is characterized by comprising the following steps:
respectively storing program directories corresponding to all important program segments of a target program into different preset storage areas in the secure memory, and then operating the target program;
in the running process of the target program, inquiring whether a target process accessing the secure memory is a preset process for creating any preset storage area through an operating system; the preset storage areas correspond to the preset processes one by one;
if the target process is the preset process, allowing the target process to access a target storage area created by the target process so as to operate the target program, and if the target process is not the preset process, forbidding the target process to access the preset storage area in the secure memory so as to realize privacy calculation.
2. The privacy computation method based on the secure memory according to claim 1, wherein the querying, by the operating system, whether the target process accessing the secure memory is a preset process that creates any one of the preset storage regions comprises:
determining a target process ID of the target process;
inquiring whether target management data comprising the target process ID exist in a pre-established management linked list through an operating system;
if the target process exists, the target process is a preset process for creating any preset storage area;
and if the target process does not exist, the target process is not the preset process for creating any preset storage area.
3. The privacy computation method based on the secure memory according to claim 2, wherein the allowing, if the target process is the preset process, the target process to access a target storage area created by the target process includes:
if the target process is the preset process, determining a target area code corresponding to the target process ID in the target management data, and allowing the target process to access the target storage area which is created by the target process and has the target area code based on the target area code.
4. The secure-memory-based privacy computation method of claim 3, further comprising:
when a preset safety rule is set for the corresponding preset storage area through the preset process, a preset area code of the preset storage area is determined through an operating system, a preset process ID of the preset process is determined, then preset management data comprising the preset area code and the preset process ID are generated, and the preset management data are stored in the management linked list; the preset safety rule is one of write-only, read-only, readable and writable, and read-write forbidden.
5. The secure-memory-based privacy computation method according to claim 1, wherein if the target process is the preset process, allowing the target process to access a target storage area created by the target process so as to run the target program, further comprises:
and when the target process is finished, calling a secure memory release interface through a client and releasing the program directory in the target storage area according to the target process.
6. The secure-memory-based privacy computation method of claim 5, further comprising:
regularly inspecting the state of the target process and the state of the target storage area through a secure memory device management program;
and if the target process is finished and the target storage area is not idle, releasing the program directory in the target storage area through the secure memory device management program.
7. The secure-memory-based privacy computation method of any one of claims 1 to 5, further comprising:
and storing other program segments except the important program segment in the target program into a cache region which is divided in advance in the secure memory.
8. A secure memory based privacy computing device, comprising:
the program operation module is used for respectively storing program catalogues corresponding to all important program segments of the target program into different preset storage areas in the secure memory and then operating the target program;
the query module is used for querying whether a target process accessing the secure memory is a preset process for creating any preset storage area or not through an operating system in the running process of the target program; the preset storage areas correspond to the preset processes one by one;
an access allowing module, configured to allow the target process to access a target storage area created by the target process if the target process is the preset process, so as to run the target program;
and the access forbidding module is used for forbidding the target process to access the preset storage area in the secure memory if the target process is not the preset process so as to realize privacy calculation.
9. An electronic device comprising a processor and a memory; wherein the processor, when executing the computer program stored in the memory, implements the secure-memory-based privacy computation method of any one of claims 1 to 7.
10. A computer-readable storage medium for storing a computer program; wherein the computer program when executed by a processor implements the secure memory based privacy computation method of any one of claims 1 to 7.
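The access-control mechanism of claims 1 to 6, and of the corresponding apparatus units described above, can be modelled end to end: a process ID is looked up in the management linked list, a hit grants access only to the area code recorded for that process and only within that area's preset safety rule, a miss denies all access to secure memory, and finished processes are cleaned up either by the client's release call or by the device management program's periodic sweep. The following Python is an added illustration written for this page, not code from the patent or its applicants. It assumes, beyond what the patent states, that the management linked list can be represented as a Python list of records, that a program directory is an opaque byte string, that a storage area is idle when it holds no directory, and that the four safety rules of claim 4 govern read and write operations as their names suggest; the process IDs and area codes are constructed sample values.

```python
# Added illustration (not the patent's own code) of the creator-only access check
# in claims 1 to 6. Assumptions not stated by the patent: the management linked list
# is a Python list of records, a program directory is an opaque byte string, an area
# is idle when it holds no directory; PIDs and area codes below are constructed.
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Set


class SafetyRule(Enum):
    """The four preset safety rules named in claim 4."""
    WRITE_ONLY = "write-only"
    READ_ONLY = "read-only"
    READ_WRITE = "readable and writable"
    NO_ACCESS = "read-write forbidden"


@dataclass
class StorageArea:
    area_code: int
    rule: SafetyRule
    program_directory: Optional[bytes] = None   # None means the area is idle


@dataclass
class ManagementEntry:
    """One node of the management linked list: (preset process ID, preset area code)."""
    process_id: int
    area_code: int


class SecureMemory:
    def __init__(self) -> None:
        self.areas: Dict[int, StorageArea] = {}
        self.management_list: List[ManagementEntry] = []

    def create_area(self, process_id: int, area_code: int,
                    rule: SafetyRule, program_directory: bytes) -> None:
        """Claim 4: the creating process sets the rule; the OS records (PID, area code)."""
        if self.lookup(process_id) is not None:
            raise ValueError("areas and preset processes correspond one to one")
        self.areas[area_code] = StorageArea(area_code, rule, program_directory)
        self.management_list.append(ManagementEntry(process_id, area_code))

    def lookup(self, process_id: int) -> Optional[ManagementEntry]:
        """Claim 2: find target management data containing this process ID, if any."""
        for entry in self.management_list:
            if entry.process_id == process_id:
                return entry
        return None

    def check_access(self, process_id: int, area_code: int, op: str) -> bool:
        """Claims 1 to 4: only the creating process, only its own area, within its rule."""
        entry = self.lookup(process_id)
        if entry is None:                  # not a preset process: all secure memory forbidden
            return False
        if entry.area_code != area_code:   # a preset process, but not the area it created
            return False
        rule = self.areas[area_code].rule
        if op == "read":
            return rule in (SafetyRule.READ_ONLY, SafetyRule.READ_WRITE)
        if op == "write":
            return rule in (SafetyRule.WRITE_ONLY, SafetyRule.READ_WRITE)
        return False                       # unknown operation: deny by default

    def release(self, process_id: int) -> bool:
        """Claim 5: the client calls the release interface when its process ends."""
        entry = self.lookup(process_id)
        if entry is None:
            return False
        self.areas[entry.area_code].program_directory = None
        self.management_list.remove(entry)
        return True

    def inspect(self, live_pids: Set[int]) -> List[int]:
        """Claim 6: periodic sweep; release areas whose process ended but are not idle."""
        released = []
        for entry in list(self.management_list):
            area = self.areas[entry.area_code]
            if entry.process_id not in live_pids and area.program_directory is not None:
                area.program_directory = None
                self.management_list.remove(entry)
                released.append(entry.area_code)
        return released


def demo() -> dict:
    """Scenario with constructed PIDs 1001/1002 and area codes 7/8."""
    mem = SecureMemory()
    mem.create_area(1001, 7, SafetyRule.READ_ONLY, b"directory of important segment A")
    mem.create_area(1002, 8, SafetyRule.READ_WRITE, b"directory of important segment B")
    results = {
        "creator_reads_own": mem.check_access(1001, 7, "read"),
        "creator_writes_read_only": mem.check_access(1001, 7, "write"),
        "creator_reads_other_area": mem.check_access(1001, 8, "read"),
        "unknown_process": mem.check_access(4242, 7, "read"),
        "creator_writes_rw_area": mem.check_access(1002, 8, "write"),
    }
    mem.release(1001)                                # process 1001 ends and releases cleanly
    results["after_release"] = mem.check_access(1001, 7, "read")
    results["swept"] = mem.inspect(live_pids=set())  # 1002 has ended without releasing
    return results
```

Two design points matter for a defender reading the claims: every path that is not an exact (process ID, area code) match denies, so a process that is legitimately registered for one area still cannot read a sibling area, and the sweep in `inspect` is what keeps a crashed client from leaving a program directory resident in a storage area indefinitely.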
CN202211624935.8A 2022-12-16 2022-12-16 Privacy calculation method, device, equipment and medium based on secure memory Pending CN115964741A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211624935.8A CN115964741A (en) 2022-12-16 2022-12-16 Privacy calculation method, device, equipment and medium based on secure memory

Publications (1)

Publication Number Publication Date
CN115964741A true CN115964741A (en) 2023-04-14

Family

ID=87361311

Country Status (1)

Country Link
CN (1) CN115964741A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination